Website security for small businesses

When you’re running a small business, your website is usually how your customers find you. Often, they purchase directly through your website too. So having your website go down can really cost you.

Here at Xero, our security team regularly sees the consequences of SMB websites and email accounts being compromised. We see compromised email accounts being used to send phishing and spam. We also see legitimate business websites used to host the malware and phishing pages that these emails link to. So having good security on your website doesn’t just protect your business, it can also help prevent other businesses from falling victim to cyber crime.

Incidents reported to CERT NZ show that NZ businesses are being impacted by website compromises. They’ve provided these four simple steps to help NZ businesses protect their websites.

Secure it

Your customers trust you to keep their information safe – including the communication that you have with them. An easy way to do this is to make sure your website uses HTTPS everywhere – this includes the content pages of your website and also the areas behind the scenes, like where you log in to make updates.
You should also have two-factor authentication (2FA/MFA) enabled on the account you use to login to your content management system (where you update your website). Using 2FA significantly reduces the risk of unauthorised access to your account.

Auto it

Running a business is hectic – you’ve got heaps of things to remember, from payroll to ordering. Make it easier by setting everything for your website that you can to update automatically. Whether it’s automatically renewing your domain name, updating your software or making backups; you can set and forget and focus on other areas, like converting more customers.

Back it

Even with the best laid plans, things can go wrong. Sometimes it’s because the latest stock order is running late and sometimes it’s because something goes a bit peculiar with your website. Having a recent backup of your website is invaluable if something goes wrong. They’re most useful if they’re recent and cover both the pages themselves and any data your website holds, like customer databases.

Check it

It seems obvious, but one of the best ways to keep your website safe is to keep an eye on it. When you check your website regularly, you’re familiar with what’s on it and it makes it easier to notice when something’s out of place. For example, if you notice some weird content that you didn’t put there, someone else might have access to your website and is using it to host bad content.

Want to know more about how to keep your website safe? Check out CERT NZ’s website for more details on how to protect your website and to download their handy business website checklist.